From: "Remus" <rmocius@auste.elnet.lt>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Problem with VPN routing from internal network + tun0 and traffic shaping
Date: Fri, 08 Oct 2004 13:46:00 +0000
Message-ID: <019901c4ad3d$25a57ff0$6e69690a@RIMAS>
In-Reply-To: <014301c4ad26$82e206f0$6e69690a@RIMAS>
You are correct Peter.
But that is not enough to have access from client local lan to server client
local lan.
The line below helped me to fix it:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o tun0 -j SNAT --to-source 10.0.0.2
So there is one more problem, how to access from the server local net
client's local net?
Any ideas?
And how to shape traffic going via tun0?
At the moment I have htb on eth0 and imq0 to shape in and out traffic?
But what about VPN traffic which goes via tun0?
Thanks
Remus
----- Original Message -----
From: "Peter Huetmannsberger" <huetmann@site38.ping.at>
To: <lartc@mailman.ds9a.nl>
Sent: Friday, October 08, 2004 1:44 PM
Subject: Re: [LARTC] Problem with VPN routing from internal network
>
> Hi!
>
> Correct me if I am wrong, what it looks like to me is this :
>
>
> 192.168.1.0/24   10.0.0.1             10.0.0.2   192.168.2.0/24
> server net       serverfw   openvpn   clientfw   client net
>
> On the serverfw you need a static route to the client net:
> route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.0.2
>
> On the client net the other way round:
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.0.1
>
> Firewall must allow all traffic through tun+
> And of course must allow traffic coming from the opposite network.
>
> Hope this helps,
>
> .peter
>
> On Fri, 8 Oct 2004, Remus wrote:
>
>> Hi folks,
>>
>> I have the two firewalls (Slackware current) in different cities connected
>> via OpenVPN.
>> I can ping the network behind server firewall from client firewall
>> server.
>> But how to route/iptable network traffic from the network behind client
>> firewall to see the network behind server firewall?
>>
>> Thank you
>>
>> Remus
>>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
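
An added example, not part of either poster's message: a small Python model of the diagram above, showing that the SNAT rule lets connections opened from 192.168.2.0/24 work without a return route on serverfw, while connections opened from the server net still depend on serverfw routing 192.168.2.0/24 into tun0. The serverfw route table, its interface names eth0/eth1, and the host 192.168.2.10 are assumptions made for the illustration.

```python
import ipaddress

# Networks and tunnel addresses are the ones in the thread's diagram.
SERVER_NET = ipaddress.ip_network("192.168.1.0/24")
CLIENT_NET = ipaddress.ip_network("192.168.2.0/24")
CLIENTFW_TUN = ipaddress.ip_address("10.0.0.2")  # --to-source in the SNAT rule

def serverfw_routes(with_client_route):
    """Constructed serverfw table; eth0/eth1 interface names are assumptions."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "eth0"),    # default route, Internet side
        (SERVER_NET, "eth1"),                           # server LAN
        (ipaddress.ip_network("10.0.0.2/32"), "tun0"),  # tunnel peer
    ]
    if with_client_route:
        routes.append((CLIENT_NET, "tun0"))  # static route to the client net via the tunnel
    return routes

def lookup(routes, addr):
    """Longest-prefix match, returns the outgoing interface."""
    addr = ipaddress.ip_address(addr)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]

def source_seen_by_server(src, snat):
    """Source address after clientfw's POSTROUTING hook on tun0."""
    src = ipaddress.ip_address(src)
    return CLIENTFW_TUN if snat and src in CLIENT_NET else src

def client_to_server_ok(src, snat, with_client_route):
    """Client LAN opens the connection; the reply must leave serverfw via tun0."""
    reply_dst = source_seen_by_server(src, snat)
    return lookup(serverfw_routes(with_client_route), reply_dst) == "tun0"

def server_to_client_ok(dst, with_client_route):
    """Server LAN opens the connection; clientfw's SNAT rule plays no part in
    how serverfw routes the first packet."""
    return lookup(serverfw_routes(with_client_route), dst) == "tun0"

if __name__ == "__main__":
    host = "192.168.2.10"  # constructed client-LAN host
    for snat in (False, True):
        for route in (False, True):
            print(f"snat={snat!s:5} route={route!s:5} "
                  f"client->server={client_to_server_ok(host, snat, route)} "
                  f"server->client={server_to_client_ok(host, route)} "
                  f"server sees {source_seen_by_server(host, snat)}")
```

With SNAT in place every client-LAN host reaches the server side as 10.0.0.2, so serverfw rules and logs cannot tell those hosts apart.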